Sorry Linux Users, glibc 2.37 And 2.36 Have A Serious Vulnerability
Free Root On Debian, Ubuntu, and Fedora
Hey Linux admins, time to update your GNU C Library to 2.38, as glibc 2.37 and glibc 2.36 have a rather nasty vulnerability. It is a heap-based buffer overflow that is difficult but not impossible to exploit, and it will give an attacker root access to your devices, at which point you are pretty much hosed. The glibc vulnerability was proven to work on a wide variety of distros, including Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39. It is very likely other versions are also susceptible.
Just in case your digestion hasn’t been completely ruined, Qualys, the security company that revealed this flaw, also found three others. While they are not quite as horrific, all are related to glibc, which is something you really can’t live without. Time to get patching!
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).